Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> On Mon, Jan 23, 2017 at 01:28:48PM +0100, Florian Westphal wrote:
> > diff --git a/net/netfilter/core.c b/net/netfilter/core.c
> > index 0c629fdf90e1..ce6adfae521a 100644
> > --- a/net/netfilter/core.c
> > +++ b/net/netfilter/core.c
> > @@ -375,7 +375,7 @@ void nf_ct_attach(struct sk_buff *new, const struct sk_buff *skb)
> > {
> > void (*attach)(struct sk_buff *, const struct sk_buff *);
> >
> > - if (skb_nfct(skb)) {
> > + if (skb->nfct) {
>
> I guess this slipped through accidentally. No need to resent, I can
> amend it here.
Hmm, let me review this. I thin the skb_nfct() conversion is erroneous.
(Q: If original is UNTRRACKED, should the reply packet that is being
attached be UNTRACKED or INVALID?)
I think its "UNTRACKED", and then this needs testing of skb->_nfct .
(at least once the untracked object gets removed).
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
